Skip to content
Snippets Groups Projects

Put groups_direct field in CI JWT tokens behind feature flag

Merged Stan Hu requested to merge sh-groups-direct-ci-jwt-ff-17-1 into 17-1-stable-ee
All threads resolved!
4 files
+ 28
5
Compare changes
  • Side-by-side
  • Inline
Files
4
  • In GitLab 16.11
    !146881
    introduced the `groups_direct` fields for CI JWT tokens used in the
    Vault integration. However, since JWT tokens are often sent in the
    `Authorization` HTTP header, the addition of the `groups_direct` field
    can cause the header to exceed the maximum allowed header size of
    Web/proxy servers.
    
    To avoid this issue, put this `groups_direct` field behind a
    `ci_jwt_groups_direct` feature flag while we figure out the best way
    to handle this.
    
    Relates to #467253
    
    Changelog: changed
---
name: ci_jwt_groups_direct
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/435848
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161075
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/474908
milestone: '17.3'
group: group::pipeline execution
type: ops
default_enabled: false
Loading